LINKS

Reading SMTP Headers

If you're looking to read SMTP headers, then you probably have an email that you want to trace the origin of.

In this email, you will find a lot of Received: headers. Read these from the top down to get them in reverse chronological order. That means that the particular header that you are most interested in is going to be the one bottom (the earliest one).

And we see that the IP address is part of a netblock which is registered to a telco in Vietnam. In their remarks section, they have provided an abuse email address, so you can contact them to report abuse of their network, such as sending spam emails like this one. Good luck with that.

If you do not have access to a WHOIS tool, you can use a web-based service to look up the IP address with the relevant regional internet registry (RIR). European IP addresses are registered through RIPE. North American IPs are registered through ARIN. Asian and Pacific Rim IP addresses are registered via APNIC. African IP addresses can be found with AFRINIC. Central and Southern American IP addresses are registered with LACNIC. If you're not sure which one to query, you can query either LACNIC or APNIC, as these two will refer your query to other RIRs to get the right answer. Or you can just cheat and use something like ping.eu.